Input validation error in cURL - CVE-2016-8625

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU33014

Input validation error in cURL - CVE-2016-8625

Published: August 1, 2018 / Updated: August 3, 2020


Vulnerability identifier: #VU33014
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-8625
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
cURL
Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.


Remediation

Install update from vendor's website.

External links